CVE-2026-33747 is a path traversal vulnerability classified under CWE-22 affecting moby buildkit, a toolkit used to convert source code into build artifacts efficiently. The flaw exists in versions prior to 0.28.1 and arises when a custom BuildKit frontend is used. Specifically, the frontend can craft API messages that cause files to be written outside the BuildKit state directory, which is intended to restrict file operations to a safe execution context. This improper limitation of pathname allows an attacker to escape the sandboxed directory and write arbitrary files anywhere on the host filesystem accessible to the build process. The vulnerability is triggered by specifying an untrusted frontend via the #syntax directive or the --build-arg BUILDKIT_SYNTAX build argument. Notably, using trusted and well-known frontends such as docker/dockerfile does not expose this vulnerability. The flaw does not require privileged access or user interaction, but it does require the ability to specify or influence the build frontend, which typically implies local or CI/CD pipeline access. The vulnerability has a CVSS v3.1 score of 8.4, reflecting its high impact on confidentiality, integrity, and availability. The vendor fixed the issue in buildkit version 0.28.1 by properly restricting file writes to the designated state directory, preventing path traversal attacks.

The vulnerability allows attackers to write arbitrary files outside the intended build directory, potentially leading to arbitrary code execution, privilege escalation, or persistent compromise of the build environment. This can undermine the confidentiality of sensitive build artifacts or credentials, corrupt build outputs, and disrupt the availability of build services. Organizations relying on BuildKit for container image builds or other automated build pipelines that incorporate custom or untrusted frontends are at risk. Attackers with access to configure build frontends could leverage this flaw to implant malicious files or backdoors on build servers or CI/CD infrastructure. This risk extends to cloud environments, on-premises data centers, and developer workstations using vulnerable BuildKit versions. The absence of known exploits in the wild suggests limited current exploitation, but the high severity and ease of exploitation without authentication warrant immediate attention to prevent future attacks.

1. Upgrade all BuildKit instances to version 0.28.1 or later, where the vulnerability is patched. 2. Restrict usage of custom BuildKit frontends; only allow trusted and verified frontend images such as docker/dockerfile. 3. Implement strict validation and whitelisting of build arguments, especially those that specify frontends (#syntax or BUILDKIT_SYNTAX). 4. Monitor build pipelines and logs for unusual file write operations or unexpected frontend usage. 5. Employ container runtime security policies to limit filesystem write permissions of build processes. 6. Isolate build environments to minimize the impact of potential compromise, using ephemeral containers or sandboxing. 7. Educate developers and DevOps teams about the risks of using untrusted frontends and enforce secure build practices. 8. Regularly audit build infrastructure for outdated BuildKit versions and unauthorized configuration changes.